Getting "This token is not intended for us" when decoding ID Token

mediawebstore · June 21, 2017, 2:02am

I do a login with Lock and request a id_token with CURL. It’s all ok until I want to decode the id_token with verifyAndDecode.
I get an error “This token is not intended for us” that I verified is a aud that not match with my clientID, but in JWTVerifier config I have setting it right.
For security I have a verify in jwt.io of the id_token returned from login and with my client secret I get “Signature Verified”, so I can’t understand because of this error.

$verifier = new JWTVerifier(
                'valid_audiences' => 'MY_CLIENTID',
                'client_secret' => base64_encode('MY_CLIENT_SECRET'),
            ]);
            $decoded = $verifier->verifyAndDecode($response'id_token']);

jmangelo · July 17, 2017, 5:29pm

Based on the documentation for JWTVerifier available in the GH repository the valid_audiences option seems to expect an array, more specifically, it seems your code should be 'MY_CLIENTID'] instead of just 'MY_CLIENTID'.

I’m not very knowledgeable in PHP, but it’s the one thing that pops up when comparing your code to the sample code.

Topic		Replies	Views
[ solved ] Fails to decode id_token JWT.io jwt	2	4264	December 25, 2018
Audience (aud) claim mismatch in the ID token Help	4	7806	February 21, 2020
Changing audience field for JWT authentication response Help login-experience , new-universal-login-experience	5	3036	January 27, 2023
Verify JWT token without knowing client id/secret Help auth0-php	5	5798	November 20, 2021
Can't Validate Token w/JWT Help sessions , authentication-sessions	4	1970	June 11, 2023

Getting "This token is not intended for us" when decoding ID Token

Related topics